Intermittant VPN problems (and ping failures for packets >1380 bytes)

Posted on 2005-04-11
Last Modified: 2010-04-12
Hopefully someone can help me with this problem.
I have the following setup:

VPN Server is a Netcomm NB3200 Router, connected via ADSL to the internet (IP Address

VPN Client is a Windows XP Pro (SP2) Workstation also connected via ADSL to the internet through a Netcomm NB1300 Plus 4 Modem. For the VPN Client, I'm using Netcomm's VPN client (which establishes an IPSec Tunnell).

I have no problems establishing a VPN tunnell, or doing basic work across the tunnell.

A ping between the sites across the VPN responds in (generally) under 100ms.

I have had intermittant problems recently where applications requiring reasonable amounts of data to be transferred across the VPN hang.

During my investigations, I found that if I ping a larger packet (i.e. ping -L 1390), this always fails.
If I ping a slightly smaller packet (ping -L 1370), it always responds.
Nb. I have NOT set the -f flag!

Pings from other sites (with other workstations) get through even at the larger packet size (say 1400), leading me to think it's either the workstation or the local router (unfortunately there are no other workstations at the site, so I can't test another PC).

Other sites can connect (and ping) fine even at the larger packet size.

Does anyone know what could be causing the problem?

Cheers, Marcus.
Question by:mjh0
    LVL 79

    Accepted Solution


    Author Comment

    thanks - I reduced the MTU size on the local router (attached to the workstation), and that appears to have done the trick :-)

    From reading the info in the links, the PPPoE adds around 8 bytes - any idea what an IPSec VPN tunnell adds to each packet (just out of interest)?
    LVL 79

    Expert Comment

    Glad to help!
    I don't think that the IPSEC actually adds any overhead. The packets will be fragmented before encryption if necessary.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Suggested Solutions

    This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
    I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now